Column Control DTX

SecureStack

Data Sheets

Problem

Networks have data that we need to secure and there are many things to do to achieve this security: • Inspecting encrypted traffic • Monitoring who is on the network and evaluating patterns • Masking sensitive data Each of these activities is important, but unfortunately, tends to come with a specialized appliance. Each of these appliances can cost thousands of dollars each creating a significant financial burden. Beyond that, learning and maintaining each of these appliances overextends IT and security teams and prevents from focusing on real risks when they occur. The modern organization needs a way to streamline how they secure their network. Simplifying the setup and management without compromising on security.

 

Solution

Keysight allows organizations to shed the burden of many appliances by offering SecureStack capabilities on its visibility platforms – network packet brokers and CloudLens. Organizations know that security is visibility – you have to see the data to be able to secure it and prevent attacks. With Keysight visibility you can decrypt and encrypt data and have the ability to mask data on your network without specialized appliances. Saving your organization dollars, helping IT and security teams, and all while better protecting your network.

 

Highlights:-

• Streamline security by leveraging network packet brokers/visibility platform

• Greater visibility by decrypting traffic to detect malware, prevent data loss, monitor applications and more

• Offload the TLS/SSL decryption work and remove your network performance bottleneck

• Supports all leading ciphers

• Secure PII traversing the network, keeping your consumers and organization safe with data masking +

 

Key Features:-

Inline Decryption: Encrypted traffic has become a dual-edged sword. The same encryption we use to protect data has become the vehicle hackers manipulate to inject malware and other threats into a network. As most traffic becomes encrypted and with ephemeral key on its way to becoming the dominant technology, organizations need a way to retain the benefits of TLS 1.3 standards, while being able to inspect traffic for threats and malware to protect their networks and users.  Fewer than 20% of firewalls, UTM and IPS deployments support decryption, and next generation firewalls can experience an average performance loss of 74% when using 512b and 1024b ciphers, and 81% when using 2048b ciphers.

Keysight's Inline Decryption capability enables organizations to see inside traffic that uses ephemeral key cryptography through its visibility platform. With Keysight's Inline Decryption you can:

• Decrypt once and scale monitoring infrastructure. Offloading TLS/SSL decryption will optimize security and monitoring tool performance

• Deploy inline, out-of-band (OOB), and simultaneous inline and OOB tool configurations for the ultimately flexibility

• See into both outbound and inbound traffic to inspect downloads and detect server attacks

• Achieve limitless visibility when used with Keysight's NetStack, PacketStack and AppStack capabilities

Inline Decryption is available via high-performance application modules. Vision ONE utilizes the VAM and Vision X utilizes the AM:

• Inline Decryption employs a dedicated cryptographic processor, to provide the best throughput integrated with a visibility solution

• Throughput options include 1G, 2G, 4G or 10G (license per module) for the VAM and 25G (license per CPU) for the AM. Upgrades via licensing

• Includes built-in policy management, URL categorization, and real-time insight through reporting

• Supports all leading ciphers

 

Out-of-Band Decryption:

• Get visibility to encrypted sessions without compromising security with rolebased access controls and bidirectional decryption capability

• Handle 10 million concurrent sessions with up to 8 Gbps throughput within AppStack on the Vision ONE and Vision 7300 and up to 20 Gbps throughput on the Vision X platform and the Vision ONE w/VAM platform

• Support encryption ciphers and key sizes: 3DES, RC4, AES, SHA1/521/384/256/224, MD5, ECC (Elliptic Curve), RSA and Diffie-Hellman Key Exchange

• No impact on application identification and out-of-band data filtering performance

×

Please have a salesperson contact me.

*Indicates required field

Preferred method of communication? *Required Field
Preferred method of communication? Change email?
Preferred method of communication?

By clicking the button, you are providing Keysight with your personal data. See the Keysight Privacy Statement for information on how we use this data.

Thank you.

A sales representative will contact you soon.

Column Control DTX